Unable to renew certificate

My domain is: www.orateldiagnostics.com

I tried certbot renew --dry-run and kept getting a 403 error. I have turned off https redirection, updated permissions, etc. I was able to use

certbot -d www.orateldiagnostics.com --manual --preferred-challenges dns certonly

to validate but still not able to get a valid cert for my site.
Any help would be greatly appreciated.

My web server is Apache/2.4.18 (Ubuntu):
certbot --version
certbot 0.31.0

Hi @CaffeinatedHerring

you have created a correct dns-txt entry ( https://check-your-website.server-daten.de/?q=orateldiagnostics.com ):

TXT - Entries

Domainname                                | TXT Entry                                   | Status                                      | ∑ Queries | ∑ Timeout
------------------------------------------|---------------------------------------------|---------------------------------------------|-----------|----------
orateldiagnostics.com                     |                                             | ok                                          | 1         | 0
www.orateldiagnostics.com                 |                                             |                                             | 1         | 0
_acme-challenge.orateldiagnostics.com     |                                             | Name Error - The domain name does not exist | 1         | 0
_acme-challenge.www.orateldiagnostics.com | wagD9IhRxjInXULpldy7Vqd8L6_UtSeOHhjO4Mml0VQ | looks good                                  | 1         | 0

And you have two new certificates ( crt.sh | www.orateldiagnostics.com ):

But your server sends http over port 443, so your ssl configuration doesn't work.

Domainname                                           | Http-Status | redirect                           | Sec.  | G
-----------------------------------------------------|-------------|------------------------------------|-------|---
http://orateldiagnostics.com/ (104.197.13.170)       | 301         | https://www.orateldiagnostics.com/ | 0.680 | E
http://www.orateldiagnostics.com/ (104.197.13.170)   | 301         | https://www.orateldiagnostics.com/ | 0.257 | A
https://orateldiagnostics.com/ (104.197.13.170)      | -4          |                                    | 0.464 | W
    SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format.
https://www.orateldiagnostics.com/ (104.197.13.170)  | -4          |                                    | 0.467 | W
    SendFailure - The underlying connection was closed: An unexpected error occurred on a send. The handshake failed due to an unexpected packet format.
http://orateldiagnostics.com:443/ (104.197.13.170)   | 200         |                                    | 0.240 | Q

Grade Q - that's

The handshake failed due to an unexpected packet format.

the typical error message.

So certificate creation works.

What does

certbot certificates

say?

I turned off redirect over 443

Also, I created a test file at
http://www.orateldiagnostics.com/.well-known/acme-challenge/test.txt

which can be seen at http

sudo certbot certificates gives…

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/orateldiagnostics.com/cert.pem is unknown


Found the following certs:
Certificate Name: orateldiagnostics.com
Domains: orateldiagnostics.com www.orateldiagnostics.com
Expiry Date: 2019-04-16 23:31:18+00:00 (INVALID: EXPIRED)
Certificate Path: /etc/letsencrypt/live/orateldiagnostics.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/orateldiagnostics.com/privkey.pem


sudo certbot renew --dry-run gives …

Processing /etc/letsencrypt/renewal/orateldiagnostics.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for orateldiagnostics.com
http-01 challenge for www.orateldiagnostics.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (orateldiagnostics.com) from /etc/letsencrypt/renewal/orateldiagnostics.com.conf produced an unexpected error: Failed authorization procedure. orateldiagnostics.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://orateldiagnostics.com/.well-known/acme-challenge/wsPwbM2MCjiP5WzcoxUavn9hALeHRF1avsZvMRTf5DY [104.197.13.170]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p", www.orateldiagnostics.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.orateldiagnostics.com/.well-known/acme-challenge/Weqho0r41MIQe4ABydEaNb0XrjEGK4CU-0zgsqwelTU [104.197.13.170]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/orateldiagnostics.com/fullchain.pem (failure)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/orateldiagnostics.com/fullchain.pem (failure)
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1 renew failure(s), 0 parse failure(s)

IMPORTANT NOTES:
- The following errors were reported by the server:

Domain: www.orateldiagnostics.com
Type: unauthorized
Detail: Invalid response from http://www.orateldiagnostics.com/.well-known/acme-challenge/MAm3L5TuEh00v_CzU-c6dzg_CIhZYurL_-sVykTE0tw [104.197.13.170]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p"

Domain: orateldiagnostics.com
Type: unauthorized
Detail: Invalid response from http://orateldiagnostics.com/.well-known/acme-challenge/L3gYqXhZY8hYxFfFiY_W3iYzAqFVrrh1VnoAQ23l4Cg [104.197.13.170]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.

Thanks Again

Sorry, the previous post did not look like it was able to display the output. Here is the output from sudo certbot renew --dry-run …

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/orateldiagnostics.com.conf


Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for orateldiagnostics.com
http-01 challenge for www.orateldiagnostics.com
Waiting for verification…
Cleaning up challenges
Attempting to renew cert (orateldiagnostics.com) from /etc/letsencrypt/renewal/orateldiagnostics.com.conf produced an unexpected error: Failed authorization procedure. orateldiagnostics.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://orateldiagnostics.com/.well-known/acme-challenge/Q28Y0OrmFme9aPtKs7XUzjuQHNKPR1T_EApl32M2epE [104.197.13.170]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p", www.orateldiagnostics.com (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://www.orateldiagnostics.com/.well-known/acme-challenge/Wx3vDn_bdLimMXNAB6WGw3eCMZycRNeoEgtWhKSGPI4 [104.197.13.170]: "<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n<title>403 Forbidden</title>\n</head><body>\n<h1>Forbidden</h1>\n<p". Skipping.
All renewal attempts failed. The following certs could not be renewed:
/etc/letsencrypt/live/orateldiagnostics.com/fullchain.pem (failure)

Your test file works!

So you have found your correct webroot. Then use this webroot.

certbot run -a webroot -i apache -w yourWebRoot -d www.orateldiagnostics.com -d orateldiagnostics.com
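Added example, not from this thread and not part of certbot: a small Python triage helper that parses certbot's "Failed authorization procedure" line (the form quoted in the dry-run output above), extracts each domain's challenge URL, the IP the CA connected to and the HTTP status it got back, and maps a 403/404 to the webroot check that resolved this thread. The sample input is constructed from the quoted output, with the error-page body abbreviated.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the two per-domain entries from the dry-run output in this
# thread, joined as certbot prints them (one line, literal "\n" inside the body).
SAMPLE = (
    'Failed authorization procedure. orateldiagnostics.com (http-01): '
    'urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: '
    'Invalid response from http://orateldiagnostics.com/.well-known/acme-challenge/'
    'wsPwbM2MCjiP5WzcoxUavn9hALeHRF1avsZvMRTf5DY [104.197.13.170]: "<!DOCTYPE HTML PUBLIC '
    '"-//IETF//DTD HTML 2.0//EN">\\n<html><head>\\n<title>403 Forbidden</title>\\n<p", '
    'www.orateldiagnostics.com (http-01): urn:ietf:params:acme:error:unauthorized :: '
    'The client lacks sufficient authorization :: Invalid response from '
    'http://www.orateldiagnostics.com/.well-known/acme-challenge/'
    'Weqho0r41MIQe4ABydEaNb0XrjEGK4CU-0zgsqwelTU [104.197.13.170]: "<!DOCTYPE HTML PUBLIC '
    '"-//IETF//DTD HTML 2.0//EN">\\n<html><head>\\n<title>403 Forbidden</title>\\n<p". Skipping.'
)

# One entry per failed domain. The quoted body itself contains double quotes (the
# DOCTYPE), so the body ends only at a quote followed by the next entry or ". Skipping".
ENTRY_RE = re.compile(
    r'(?P<domain>[\w.-]+) \((?P<challenge>[\w-]+)\): '
    r'urn:ietf:params:acme:error:(?P<error>\w+) :: .*? :: '
    r'Invalid response from (?P<url>\S+) \[(?P<ip>[0-9a-fA-F.:]+)\]: '
    r'"(?P<body>.*?)"(?=, [\w.-]+ \(|\. Skipping|$)',
    re.DOTALL,
)

def parse_failures(text):
    """Return one dict per failed authorization found in certbot's output."""
    found = []
    for m in ENTRY_RE.finditer(text):
        # Status code from the error page <title>, else from an "NNN Reason" phrase in the body.
        s = re.search(r'<title>\s*(\d{3})', m['body']) or re.search(r'\b(\d{3}) [A-Z][a-z]+', m['body'])
        found.append({'domain': m['domain'], 'challenge': m['challenge'], 'error': m['error'],
                      'url': m['url'], 'ip': m['ip'], 'path': urlparse(m['url']).path,
                      'status': int(s.group(1)) if s else None})
    return found

def triage(f):
    """Map what the CA saw at the challenge URL to the usual cause on the web server."""
    where = f"{f['domain']} [{f['ip']}] at {f['path']}"
    if f['status'] == 403:
        return (f"403 for {where}: the web server refused the request, so the token was written "
                "to a directory the site does not serve or that is denied; confirm the real "
                "webroot with a test file under .well-known/acme-challenge, then renew with -a webroot -w <that dir>")
    if f['status'] == 404:
        return f"404 for {where}: the token is not under the directory the site is served from; check the webroot"
    return f"no HTTP status for {where}: check that the A record points at this host and port 80 is reachable"

if __name__ == '__main__':
    for failure in parse_failures(SAMPLE):
        print(triage(failure))
```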

It looks like that worked… thank you so much.

Yep, now you have a new certificate:

Subject                      | valid from | valid to   | expires in | Subject Alternative Names
-----------------------------|------------|------------|------------|------------------------------------------------------
CN=www.orateldiagnostics.com | 24.04.2019 | 23.07.2019 | 89 days    | orateldiagnostics.com, www.orateldiagnostics.com - 2 entries

And Grade B is very good.

But your page doesn't work. There is php code visible:

<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */

/**
 * Tells WordPress to load the WordPress theme and output it.
 *
 * @var bool
 */
define('WP_USE_THEMES', true);

/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );

That's always bad. A server should never send code.
